
Where to find a Security Certification / Audit for my WHMCS?


rhbkweb


Hi,

We are using WHMCS and we have it installed on our own VPS server. All our client information is highly confidential, so security for us is very important.

Because of that, we have already taken all the security measures on the server and also on WHMCS that we can think of.

So now we are looking to join a security certification program, from an external company who can test and check our server and WHMCS application in terms of security and have it certified.

From what we have searched, we have so far only found the following service from the TRUSTed company: http://www.truste.com/products-and-services/enterprise-privacy/TRUSTed-websites

But I think that the service from TRUSTed is only for USA-based companies, and we are a company located in Europe, so our interest is to meet all European security laws and best practices.

So, my question to everyone that is reading this thread is to advise on companies that perform this kind of security audit on servers and applications, especially ones valid for Europe-based companies.

Thanks


Are you wanting PCI audits and/or application/network scans and/or other? There's always the McAfee SECURE service. I was using McAfee SECURE for the longest time, but have recently migrated over to Trust Guard though.

 

Hi JS-James, thanks for your response and advice. My WHMCS does not store credit card information because I use an external payment gateway. What I'm looking for is application / website / company security certification / compliance.

Any advice?


What I'm looking for is application / website / company security certification / compliance.

I'd suggest that you research the different service providers to see which would fit your own needs the best. However, I'm using Trust Guard for the services that you'd mentioned. I'm happy with their multi-seal package. Prior, I was using McAfee SECURE for daily PCI scans. Now though, I have that and more from Trust Guard.


  • 1 year later...

There are a number of Authorized Scanning Vendors (ASV) companies that offer PCI compliance certification. I recommend that the ASV allows you to scan as often as you want between the required quarterly scans (I say required because we recently were hired by a mid-sized insurance company that had their merchant account frozen because they did not have their quarterly certification). Additionally, if you are a small merchant account and you can file a SAQ (Self Assessment Questionnaire), use the ASV that includes the SAQ as part of their offering. Finally, even if you do not store credit cards, you are still required to comply with PCI 3.0, which includes the annual SAQ, penetration test and Policy Sets on file. I have found ASVs as low as $300 US per year.

Final thought about your location: if you are in Europe, confirm that the ASV is authorized in your country.
